You applied for a business bank account. Got rejected. But nobody told you why.
That’s not unusual.
Between January 2020 and April 2024, the FCA rejected roughly 85% of crypto firm applications. Not because those firms were doing anything illegal, but because their documentation didn’t meet the standard. Banks apply the same filter.
They don’t reject the business. They reject the file.
The difference between an application that moves and one that stalls for months usually comes down to seven documents. Here’s what they are, what the underwriter actually inspects inside each one, and where first-time applicants get caught.
Quick Takeaways
- Banks assess the application file, not the business model alone. A compliant exchange with a weak pack gets the same rejection as an unlicensed one
- Your AML/CFT policy is the highest-impact document and the one most likely to arrive as a generic template
- Blockchain analytics and Travel Rule tooling must be paid, configured, and live at submission. “We plan to subscribe” is a rejection trigger
- Source-of-wealth evidence for every founder needs independent third-party documentation, not a narrative about early Bitcoin holdings
- A bank-grade application pack runs 200–400 pages and typically takes 8–16 weeks to prepare
1. Corporate KYB Pack With UBO Disclosure
The corporate pack is table stakes. The part that kills applications is an incomplete or unclear group structure chart.
Every bank and EMI wants the standard corporate bundle: Companies House extract (or equivalent) issued within the last three months, certified articles, a board resolution authorising the application, and a register of directors and shareholders. But the document that underwriters spend the most time on is the group structure chart.
It needs to show every entity in the corporate family, its jurisdiction, its licence status, and the shareholding chain down to every ultimate beneficial owner at 25% or above (10% or above at many EMIs).
Undisclosed nominees, unexplained BVI or Seychelles holding layers, and recent share transfers within the last 12 months are immediate decline triggers. The chart should fit on a single page, with a separate tabbed pack behind it containing passports, proof of address, CVs, and adverse media checks for each UBO.
2. Regulatory Licence or Registration Evidence
The licence must name the exact legal entity opening the account. A mismatch between the licensed entity and the applying entity is the single most common reason for a Request for Information.
Underwriters check three things: the entity name matches, the activity scope covers what you’re actually doing, and the licence is current. Acceptable registrations vary by corridor. FCA MLR registration carries weight in the UK. MiCA CASP authorisation matters in the EU. FinCEN MSB registration plus state money-transmitter licences are the minimum in the US. VARA, ADGM FSRA, and MAS DTSP cover their respective corridors.
Two patterns get flagged immediately: an expired or dormant registration presented as current, and activity that exceeds the licence perimeter (an Estonian-registered firm onboarding US customers without state MTLs, for example).
EU exchanges face a hard deadline here. MiCA’s transitional period ends 1 July 2026, and banks are already rejecting EU-targeting applicants who can’t show a credible authorisation pathway.
3. AML/CFT Policy and Procedures Manual
This is the document that decides outcomes. The FCA has explicitly said it rejects “generic, off-the-shelf, high-level” AML frameworks. Banks apply the same standard.
A bank-grade AML policy for a crypto exchange isn’t a 20-page template. It’s a bespoke, board-approved, version-controlled manual running 80–150 pages, with another 200–400 pages of operational procedures behind it. It names a dedicated MLRO with no commercial conflicts.
It contains a Business-Wide Risk Assessment with inherent, control, and residual risk scored separately. And it addresses crypto-specific typologies: mixers, privacy coins (Monero, Zcash, Dash), chain-hopping, peel chains, sanctioned-address indirect exposure, and Tornado Cash.
The five sections most commonly missing from first-time applications, based on FCA feedback and underwriter RFI patterns, are:
- Token-listing or vetting policy (what criteria determine which assets you’ll support)
- A privacy-coin policy (will you list them, and if so, with what monitoring uplift)
- Travel Rule procedures for unhosted-wallet transfers above threshold
- Proliferation-financing coverage (required since the 2022 MLR amendments)
- A BWRA where residual risk is properly calculated rather than asserted.
If your AML policy uses “we will” or “we plan to” language instead of “we do,” it’s not ready.
4. Business Plan, Financial Projections, and Audited Financials
Banks don’t just want to know what you do. They want to see that your volumes, staffing, and compliance tools all tell the same story.
The business plan needs a product description, target customer base, geographic footprint, fee structure, and three-year financial projections. But two items carry more weight than the narrative: the end-to-end flow-of-funds diagram (covering both fiat and crypto legs, with every liquidity provider and counterparty VASP named) and the volume projections.
If your projected volumes imply customers in jurisdictions you’re not licensed for, the underwriter will notice. If your volumes require 50 staff but your org chart shows 12, they’ll notice that too.
Audited financials should be less than 12 months old, supplemented by recent quarterly management accounts and a 13-week cashflow forecast.
5. Source of Funds and Source of Wealth for Every UBO
This is where crypto founders get caught. “I bought Bitcoin early” isn’t a source-of-wealth narrative. It’s a sentence that triggers enhanced due diligence.
For each UBO, banks want a written narrative with a chronological event table, backed by independent third-party evidence: payslips, employment contracts, share-sale SPAs, tax returns, dividend vouchers, real-estate deeds. For seed capital raised in crypto, they’ll ask for the investor list with KYC, term sheets, and blockchain-analytics provenance of the receiving addresses.
Mixer or privacy-coin history in a UBO’s personal wallets is generally disqualifying. Capital that has passed through three or more jurisdictions without clear documentation gets flagged. And funds from another exchange that was itself debanked will draw intense scrutiny. Budget 10–20 pages per founder, with an aggregate “Sources of Initial Capital” memo that reconciles to the share register.
6. Compliance Technology Evidence
Underwriters don’t just ask whether you have a Chainalysis subscription. They ask to see the rule-book, the chain coverage, and a sample alert disposition.
Three categories of tooling are expected: blockchain analytics (Chainalysis KYT, Elliptic Lens, TRM Labs, Crystal, or Merkle Science), Travel Rule compliance (Notabene, Sumsub Travel Rule, Sygna Bridge, or equivalent), and KYC/sanctions screening (Sumsub, Onfido, ComplyAdvantage, World-Check, or similar).
The critical point: all three must be paid, configured, and live at the time of submission. The FCA’s published guidance requires tooling that is “selected, configured, and tested.” Free-trial screenshots don’t count. Neither does a vendor with no coverage for the chains you actually support.
Banks will request invoices, a list of supported chains, screenshots of your configured rule-set, and a memo mapping your monitoring rules to the typologies in your BWRA. Prepare a 5–10 page “Compliance Technology Stack” document with architecture diagrams and sample alert dispositions.
7. Client-Funds Safeguarding and Segregation Arrangements
If you can’t demonstrate that customer fiat is segregated from operating funds in an independent account with no right of set-off, the application stops.
Banks want to see a safeguarding acknowledgment letter from the institution holding customer funds, confirming no right of set-off or lien. They’ll ask for daily D+1 reconciliation evidence.
For crypto custody, they want your wallet architecture documented (hot, warm, cold; MPC vs multi-sig), a third-party custodian agreement with SOC 2 Type II certification (BitGo, Fireblocks, Copper, or Anchorage are the names that move the needle), and insurance certificates.
Commingled wallets are disqualifying. Customer fiat held beyond D+1 in an operating account is disqualifying. Self-custody with no independent custodian will close the conversation at most banks. MiCA Article 70 codifies these segregation requirements for EU applicants, and banks in the UK and UAE apply similar expectations even where the statute doesn’t require it.
The Bottom Line
A bank-grade application pack, assembled properly, typically runs 200–400 pages and takes 8–16 weeks to prepare. The firms that treat it as the product, not the afterthought, move through onboarding in three to six months with two to four RFI rounds. The ones that submit a partial file and plan to “fill in the gaps later” lose six months and often end up starting over with a different institution.
If you’re preparing a crypto exchange banking application or recovering from a rejection, talk to Capitalixe. We can tell you within 48 hours which institutions have current appetite for your licence type, jurisdiction, and volume profile, and what your file needs before it goes in front of an underwriter.
